If you think nix-shell is cool, try out comma. https://github.com/nix-community/comma

When there's some random little utility I need I don't always bother to install it. It's just `, weirdlittleutil`.

If I run `nc -l 31337 | sh` that puts my system into a remotely exploitable state, but that doesn't mean that nc or sh have RCE vulnerabilities, or that operating systems which allow installing nc and sh have RCE vulnerabilities.

nc and sh are well known and documented tools. Their existence on a system and running state can be inspected and the implications of various configurations is well understood.

If someone just discovered nc in the wild and up to that point it had been unknown, people would put that bit of software in a very different category than the one it exists in today.

> If I run `nc -l 31337 | sh` that puts my system into a remotely exploitable state

Quick, before someone posts this to Mastodon and gives presentation at security conference with title:

Living off the Land: the Hidden Threat Within

Clearly we need an extension to search this new service with telescope.nvim. telescope-telescope.nvim.